On 8/21/2011 2:28 PM, Justin Aplin wrote:
On Aug 21, 2011, at 2:53 PM, Joe Btfsplk wrote:
Thanks. How "experimental" are they? They are alpha releases, after all. For
most software, alpha releases are only intended for testing (most developers stress that
point). For something involving privacy / anonymity (depending on where you live), is
using an alpha version for every day use advisable? Yes, Firefox 6 fixes security
issues, but TBB is alpha.
What you're doing here is switching from a bundle of software that has *known*,
readily-exploitable security issues, to a bundle which fixes those particular issues but
*might* have unknown security issues. Some of these unknown issues may have also existed
in the previous version(s), some may be new. Since software will rarely, if ever, be
"exploit-free", by upgrading in this manner you're taking a small risk of
opening yourself up to new exploits in order to greatly reduce your risk of being exposed
to current ones.
I've always wondered about Tor Project's (perceived) different opinion that
users should switch to a , b versions - vs. other developers' caution about
using them.
In my experience, developers usually say this because they don't want to be
held responsible (read: blamed) for compromising the stability of production
machines. This applies to Tor as well, since the alpha and beta branches tend
to crash more frequently than the stable branch does. But since the alpha and
beta branches tend to include new features, and since the majority of new
features in Tor are geared toward improving security, the same logic as above
applies.
~Justin Aplin
Thanks. In this case, I understand about FF 6 & Tor Project wanting to
move to it. Re: Tor w/ FF 6. Firefox 6 fixes known issues. The main
purpose of Tor is anonymity, not protecting against browser attacks -
yes? (though using the latest browser is good, for browser safety).
But, isn't using an in thoroughly tested Tor version more risky from an
anonymity point - ? (the risk level depending on where you live, i.e.,
"what's the worst that could happen if I get found out"). For people
living in highly repressive countries, would the bigger concern be
relatively assured anonymity, visiting an anti gov't site or preventing
a browser attack? For me, it might not be a big issue - not so sure
about some other countries.
_______________________________________________
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
